CVE-2016-6699

A remote code execution vulnerability in libstagefright in Mediaserver in Android 7.0 before 2016-11-01 could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code...

CVE-2016-5195

Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write COW feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."...

CVE-2015-8962

Double free vulnerability in the sgcommonwrite function in drivers/scsi/sg.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service memory corruption and system crash by detaching a device during an SGIO ioctl call...

CVE-2015-8961

The ext4journalstop function in fs/ext4/ext4jbd2.c in the Linux kernel before 4.3.3 allows local users to gain privileges or cause a denial of service use-after-free by leveraging improper access to a certain error field...

CVE-2016-6735

An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which...

CVE-2016-6736

An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which...

CVE-2016-6734

An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which...

CVE-2016-7911

Race condition in the gettaskioprio function in block/ioprio.c in the Linux kernel before 4.6.6 allows local users to gain privileges or cause a denial of service use-after-free via a crafted ioprioget system call...

dirtyc0w

A race condition in the Linux kernel's handling of copy-on-write COW operations means that users can gain write access to otherwise read-only areas of memory and gain permissions...

CVE-2016-3927

Unspecified vulnerability in a Qualcomm component in Android before 2016-10-05 on Nexus 5X and 6P devices has unknown impact and attack vectors, aka internal bug 28823244...

CVE-2016-3926

Unspecified vulnerability in a Qualcomm component in Android before 2016-10-05 on Nexus 5, 5X, 6, and 6P devices has unknown impact and attack vectors, aka internal bug 28823953...

CVE-2016-3928

The MediaTek video driver in Android before 2016-10-05 allows attackers to gain privileges via a crafted application, aka Android internal bug 30019362 and MediaTek internal bug ALPS02829384...

CVE-2016-7117

Use-after-free vulnerability in the sysrecvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing...

CVE-2016-0758

Integer overflow in lib/asn1decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data...

CVE-2016-3862

media/ExifInterface.java in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 does not properly interact with the use of static variables in libjheadjni, which allows remote attackers to execute arbitrary code or cause a denial of service...

CVE-2016-5340

The isashmemfile function in drivers/staging/android/ashmem.c in a certain Qualcomm Innovation Center QuIC Android patch for the Linux kernel 3.x mishandles pointer validation within the KGSL Linux Graphics Module, which allows attackers to bypass intended access restrictions by using the /ashmem...

CVE-2014-9529

Race condition in the keygcunusedkeys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service memory corruption or panic or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during...

CVE-2016-3861

LibUtils in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 mishandles conversions between Unicode character encodings with different encoding widths, which allows remote attackers to execute arbitrary code or cause a denial of...

CVE-2013-7446

Use-after-free vulnerability in net/unix/afunix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AFUNIX socket permissions or cause a denial of service panic via crafted epollctl calls...

CVE-2016-4470

The keyrejectandlink function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service system crash via vectors involving a crafted keyctl request2 command...

CVE-2016-3134

The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service heap memory corruption via an IPTSOSETREPLACE setsockopt call...

CVE-2016-3951

Double free vulnerability in drivers/net/usb/cdcncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service system crash or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor...

CVE-2014-9863

Integer underflow in the diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 2013 devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28768146 and Qualcomm internal bug CR549470...

CVE-2016-3840

Conscrypt in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-05 does not properly identify session reuse, which allows remote attackers to execute arbitrary code via unspecified vectors, aka internal bug 28751153...

CVE-2015-2686

net/socket.c in the Linux kernel 3.19 before 3.19.3 does not validate certain range data for 1 sendto and 2 recvfrom system calls, which allows local users to gain privileges by leveraging a subsystem that uses the copyfromiter function in the ioviter interface, as demonstrated by the Bluetooth...

CVE-2016-2504

The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 2013 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28026365 and Qualcomm internal bug CR1002974...

CVE-2014-9902

Buffer overflow in CORE/SYS/legacy/src/utils/src/dot11f.c in the Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 2013 devices allows remote attackers to execute arbitrary code via a crafted Information Element IE in an 802.11 management frame, aka Android internal bug 28668638 and...

CVE-2016-3819

Integer overflow in codecs/on2/h264dec/source/h264bsddpb.c in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted...

CVE-2016-3841

The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service use-after-free and system crash via a crafted sendmsg system call...

CVE-2016-3842

The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28377352 and Qualcomm internal bug CR1002974...

CVE-2016-3821

libmedia in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 has certain incorrect declarations, which allows remote attackers to execute arbitrary code or cause a denial of service NULL pointer dereference or memory corruption via a craft...

CVE-2016-3857

The kernel in Android before 2016-08-05 on Nexus 7 2013 devices allows attackers to gain privileges via a crafted application, aka internal bug 28522518...

CVE-2016-3820

The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 mishandles slice numbers, which allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted media file, aka internal bug 28673410...

CVE-2016-2508

media/libmediaplayerservice/nuplayer/GenericSource.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate certain track data, which allows remote attackers to execute arbitrary code or cause a denial of service memory...

CVE-2016-2505

mpeg2ts/ATSParser.cpp in libstagefright in mediaserver in Android 6.x before 2016-07-01 does not validate a certain section length, which allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted media file, aka internal bug 28333006...

CVE-2016-2503

The Qualcomm GPU driver in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28084795 and Qualcomm internal bug CR1006067...

CVE-2016-3743

decoder/ih264dapi.c in mediaserver in Android 6.x before 2016-07-01 does not initialize certain data structures, which allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted media file, aka internal bug 27907656...

CVE-2016-3771

The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29007611 and MediaTek internal bug ALPS02703102...

CVE-2016-3770

The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28346752 and MediaTek internal bug ALPS02703102...

CVE-2016-3773

The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29008363 and MediaTek internal bug ALPS02703102...

CVE-2016-3775

The kernel filesystem implementation in Android before 2016-07-05 on Nexus 5X, Nexus 6, Nexus 6P, Nexus Player, and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28588279...

CVE-2014-9795

app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices does not properly check for an integer overflow, which allows attackers to bypass intended access restrictions via crafted start and size values, aka Android internal bug 28820720 and Qualcomm internal bu...

CVE-2016-3742

decoder/ih264dprocessintramb.c in mediaserver in Android 6.x before 2016-07-01 mishandles intra mode, which allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted media file, aka internal bug 28165659...

CVE-2016-3767

The MediaTek Wi-Fi driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28169363 and MediaTek internal bug ALPS02689526...

CVE-2014-9794

REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-0973. Reason: This candidate is a reservation duplicate of CVE-2014-0973. Notes: All CVE users should reference CVE-2014-0973 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...

CVE-2016-3741

The H.264 decoder in mediaserver in Android 6.x before 2016-07-01 does not initialize certain slice data, which allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted media file, aka internal bug 28165661...

CVE-2016-3774

The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29008609 and MediaTek internal bug ALPS02703102...

CVE-2016-3772

The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29008188 and MediaTek internal bug ALPS02703102...

CVE-2016-3768

The Qualcomm performance component in Android before 2016-07-05 on Nexus 5, 6, 5X, 6P, and 7 2013 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28172137 and Qualcomm internal bug CR1010644...

CVE-2016-3769

The NVIDIA video driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28376656...